Tuesday, June 22

Shall I cough on you, George?

On my XP machines, I run Norton AntiVirus 2003 and hope not to be bothered. In addition, I manually run Ad-aware because of Symantec's stance regarding trojans and spyware (they're not viruses, hence Norton doesn't bother to protect against them).[1]


Well, this apparently wasn't enough. For the past two days, I've had various horrible symptoms: home page hijacks, toolbar reconfigurations, popups when no browser is running and other irritating things as well. I update Norton and scan: nothing. Update Ad-aware, and get all sorts of malware detected, which Ad-aware removes. But the symptoms reappear some time later.


I check the websites that the pop-ups and hijack destinations reference: nothing interesting, and googling them yields nothing either. Trend Micro's HouseCall ActiveX-based malware scanner doesn't run at all — IE crashes.


Without any clues other than the fact that HouseCall won't run (suspicious in itself), I download the trial version of Trend Micro's stand-alone antivirus product, PC-cillin. Interestingly, the installer refuses to run unless Norton is uninstalled! After some thrashing around, I decide to uninstall Norton and install PC-cillin. After installing and updating PC-cillin I get to run it. Immediately, it finds TROJ_AGENT.AC and JAVA_BYTEVER.A.[2] Problem solved.


This experience doesn't give me a whole lot of faith in Norton. I do get a giggle, though, from the thought of a silent war for disk space between software trial versions.


[1] This policy was changed in the 2004 version.


[2] Turns out what my PC had was the CoolWebSearch hijack trojan which uses the ByteVerify exploit in the MS Java VM and is notoriously difficult to get rid of.
